Wednesday, January 26, 2011

Digital Certificate (SSL part 1)

A digital certificate is an encrypted and digitally signed attachment that authenticates a user on the Internet or an intranet. A digital certificate is issued by a certificate authority (CA) and attests to the legitimacy of an online transfer of information or other sensitive material through the use of encryption.

A digital certificate includes the sender's name, a serial number, expiration dates, a copy of the certificate holder's public key, and the digital signature of the issuing CA. A digital certificate holder has both a private key and a public key. The private key is held only by the user and is used for signing outgoing messages and decrypting incoming messages.

The public key is available to anyone for encrypting data to send to the holder of that public key, who then uses the private key to decrypt the message. Many digital certificates conform to the X.509 standard.

Note: a digital certificate is essentially the digital equivalent of an ID card, used together with public key encryption to get certified. It is also called a "Digital ID", "Digital Identity Certificate", "Identity Certificate" or "Public Key Certificate".

Digital certificates are issued by a trusted third party known as a "Certification Authority" (CA), such as VeriSign and Thawte, which verifies that the public key belongs to a specific company or individual. The validation process used to determine that the applicant is who it claims to be depends on the level of certification.

Creating the Certificate:

After the validation process is completed, the CA creates an X.509 certificate that contains CA and Subject information, including the subject's public key. The CA signs the certificate by creating a digest (hash) of all the fields in the certificate and encrypting the hash value with its private key.

The encrypted digest is called the "Digital Signature", and once it is placed into the X.509 certificate the certificate is said to be "signed".

Note: the CA keeps its private key strictly secret, because if it is ever disclosed, false certificates could be created.

Process of Signed Certificate Verification:

Verification is done by the recipient's software, which is typically the web browser. The browser maintains an internal list of popular CAs and their public keys, and uses the appropriate public key to decrypt the signature back into the digest.

It then recomputes its own digest from the text of the certificate and compares the two. If both match, the integrity of the certificate is verified.

Then the subject's public key may also be used to provide a secure key exchange, in order to set up an encrypted two-way communication session.